Re: What do if forgot password?
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 don rhummy wrote: What does GPG have to recover my data if i forgot my password? Well, it won't stop you from trying to brute-force guess your password until you get it right. Of course, depending on what you do remember about your passphrase, how long it is, how strong it is, and what tools you use, it could take anywhere from a few minutes to a few millenia. Other than that, nothing. There are no back doors, no type of magic to get your data back to its original form, nothing. Would you really want to use a program that would allow for such capabilities, though? After all, no software is going to be perfect and definitively know who wants to recover that data. gerry_lowry (alliston ontario canada) wrote: http://sixdemonbag.org/cryptofaq.xhtml#agencies does not like my IE7. The feeling is mutual. Microsoft doesn't feel it's necessary to follow web standards, likely because they want to impose their own proprietary standards. Thankfully, they have not had much success (we have the late Netscape to thank for this). Robert J. Hansen wrote: I try not to join ... IE-bashing ... More torches and pitchforks for the rest of us, then. - -- Key ID: 0xF88E034060A78FCB Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB Windows NT 6.0.6001.18145 | GPG 1.4.9 | Thunderbird 2.0.0.17 | Enigmail 0.95.7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAwAGBQJJjwy0AAoJEPiOA0Bgp4/LxPsIANgT111x/xJFfiKBX53f2yOC d/yTq3Pn7QZX7YtoVDXTdHGZQFPqz46QJimz0AQewmjsm0yGFaUE6Oo3WDOBI003 eMRIdejw5teS6HdLYNx3PH//KKJxuirmecI5xGCbBKYLrkB/teOu4TIyhRbkrtdU UToCpUzNppIt7Qa7p6l9uKduokj3O3eYK+VKq135Q2UGkadlmkdf+HjopWQJhONz QPxIrUR3Iq0A6ZF2SC+HZnVRk9XowWYqBxwwxP59FSymut75XAwQj7UXvhmhzsdx uZPmp86yqfP7FnAE8LLrbpLPcyC092PWvHsLRW9kTawH2kqGPT3W4X7F2pSZf/0= =5wjv -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
don rhummy wrote: What does GPG have to recover my data if i forgot my password? Lots of folks who'll tell you that you are S-O-L. Big Time. The passphrase is the defense to keep a secret key safe. There are no recovery mechanisms absent brute force. This is by design. It's been said on this list countless times, there is _absolutely_ no way to recover anything in OpenPGP without the passphrase. I hope this isn't the situation you are in, because there is nothing that can be done short of remembering the passphrase. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help Q:Just how do the residents of Haiku, Hawai'i hold conversations? A:An odd melody / island voices on the winds / surplus of vowels signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
even if the rumours are true that the government may have such an ability, we'd never know. If you still know your passphrase, and have not done so, create a revocation certificate. Keep both the revocation certificate and your passphrase in a secure and secret (to you) place (but remember where you put them). Anyone who has your passphrase and your private key can decrypt things encrypted for you. Anyone who has your revocation certificate can revoke your key. g. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
What do if forgot password?
What does GPG have to recover my data if i forgot my password? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
thanks. One question on the revocation certificate: If I use it to revoke the key, does that mean i cna then create a new key and thus retrieve everything stored under the previous password/key with the new one? What does revoking it do? --- On Fri, 2/6/09, gerry_lowry (alliston ontario canada) gerry.lo...@abilitybusinesscomputerservices.com wrote: From: gerry_lowry (alliston ontario canada) gerry.lo...@abilitybusinesscomputerservices.com Subject: Re: What do if forgot password? To: GnuPG Users gnupg-users@gnupg.org Date: Friday, February 6, 2009, 11:10 AM even if the rumours are true that the government may have such an ability, we'd never know. If you still know your passphrase, and have not done so, create a revocation certificate. Keep both the revocation certificate and your passphrase in a secure and secret (to you) place (but remember where you put them). Anyone who has your passphrase and your private key can decrypt things encrypted for you. Anyone who has your revocation certificate can revoke your key. g. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
don rhummy wrote: thanks. One question on the revocation certificate: If I use it to revoke the key, does that mean i can then create a new key and thus retrieve everything stored under the previous password/key with the new one? What does revoking it do? Generate new key? Yes. Retrieve anything encrypted to old key? NO. Everything encrypted to the old key is _ONLY_ retrievable with the old key (or any other key it may be encrypted to) Revoking a key flags it to others as no longer valid. If you do not have the passphrase, you cannot revoke a key unless a revocation certificate was previously generated and stored away in the event of a mishap such as this. Sorry, but the revocation certificate suggestion does nothing to help you retrieve things encrypted to the key with the lost passphrase. -- John P. Clizbe Inet:John (a) Mozilla-Enigmail.org You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=help Q:Just how do the residents of Haiku, Hawai'i hold conversations? A:An odd melody / island voices on the winds / surplus of vowels signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
From: don rhummy donrhu...@yahoo.com What does GPG have to recover my data if i forgot my password? The same it has if someone wants to recover your data claiming to be you and that they forgot your password: nothing. I suppose you could print out your unencrypted private key and keep it somewhere very, very safe. Or your password. --David. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
On 6 Feb 2009 at 11:10, gerry_lowry (alliston ontario canada) wrote: even if the rumours are true that the government may have such an ability, we'd never know. Then they would need brute force against key AND password or they know about weaknesses in algorithms which nobody else knows. At least concerning GnuPG or other open source encryption, there cannot be any hidden backdoor by design.. Regards Matthias ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
gerry_lowry (alliston ontario canada) wrote: even if the rumours are true that the government may have such an ability, we'd never know. http://sixdemonbag.org/cryptofaq.xhtml#agencies If you still know your passphrase The original poster made it clear he has forgotten his passphrase. Keep both the revocation certificate and your passphrase in a secure and secret (to you) place (but remember where you put them). When people are asked to find a secure and secret place, they typically do it very badly due to a lack of experience. When an investigator looks for your secure and secret place, the investigator typically does fairly well due to having a lot of experience. You have much better options available to you. For instance, put it in a sealed envelope and give it to your lawyer. Tell your lawyer, this is a very important document and must be kept safe. It is very likely that your lawyer will have lots of experience at this and be much better at it than you are. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
Hi! Am Freitag, den 06.02.2009, 19:16 +0100 schrieb Matthias Mansfeld: even if the rumours are true that the government may have such an ability, we'd never know. Then they would need brute force against key AND password or they know about weaknesses in algorithms which nobody else knows. Let me clarify this a bit: Whoever wants to break your key needs to do only one of the following: 1) Retrieve your public key and break the RSA/... key. -OR- 2) Get access to your secret keyring file and then break the passphrase. NB: Having one's public key and knowing his/her passphrase does not compromise the key. cu, Sven ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
Hello Robert ... the original poster, Don Rhummy, did NOT make it clear, you missed his if: What does GPG have to recover my data if i forgot my password?. Thank you for your excellent advice about using a lawyer ... my safe and secure places tend to be so secure that even I can not find them. B-) http://sixdemonbag.org/cryptofaq.xhtml#agencies does not like my IE7. Your link takes me to http://www.secret-alchemy.com/why_xhtml.html and explains how this occurs. Fortunately, I also have Safari installed and have read your fine article. You may enjoy The Last Theorem, a science fiction novel, Arthur C. Clarke's last AFAIK, in collaboration with Frederik Pohl, published by Ballantine Books/DEL REY/Random House. regards ~~ gerry ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
* Sven Radde em...@sven-radde.de wrote: Then they would need brute force against key AND password or they know about weaknesses in algorithms which nobody else knows. Let me clarify this a bit: Whoever wants to break your key needs to do only one of the following: 1) Retrieve your public key and break the RSA/... key. -OR- 2) Get access to your secret keyring file and then break the passphrase. Don't forget the silver bullet: http://www.xkcd.com/538/ -- left blank, right bald pgpQyh1lgBXIV.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
* don rhummy donrhu...@yahoo.com wrote: What does GPG have to recover my data if i forgot my password? Your last chance is a tool like nasty, check it before you do anything stupid in a rush @ http://www.vanheusden.com/nasty/ -- left blank, right bald pgpVu3j3MHs5j.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 don rhummy escribió: What does GPG have to recover my data if i forgot my password? Absolutely nothing. Assuming you are making your question to know what preventive measures to take, maybe you can store _in a safe place_ a backup of your key without a passphrase... but that would mean that anybody having access to that backup can steal your key. Another option could be to remove the passphrase, print the key with paperkey, store the printed backup in a safe place (and don't forget some insects can eat paper). And set again the passphrase of your key. The printed backup has some advantages: 1.- If stored in a dry and dark place, safe from fungus or insects, it can last for a really long time. 2.- It is stored off-line (of course, it's a printed sheet of paper), so no trojan can steal it. 3.- Probably, anybody that finds it, won't have any idea about what are those funny numbers (of course, if somebody means NSA expert he would probably recognise what the paper is, and would get an _unprotected copy of your key!_) Since my concern is about being hacked, but not about being investigated by government, I don't need to hide my backups under a stone in the middle of a forest... any backup safe from a computer trojan, or a fire affecting my house is good enough for me. But maybe that is not your case. Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJjLZ3AAoJEMV4f6PvczxAvkkH/2FHUdn/JAj/nc20I1J3EPAY 0f9vuOr4vz15J704Xe218QbuRi/s3k63IQyNFd+d7OI61WvpxAft/AUxEUwz1CUp zVEnvnrno/b5IbOPzccke3sviKNlQihsCjMa+epmLDYPgAxXmK2XXlCDCIjauMbg 8kIjim8GyWgOHKoqzvGWyJrZaRqhXXGjmufzhxYUg9C0D33jp8sot5Od1Atf98qP d9RRbFJ0MFKBRn4JseUpiim25eMdciWY30AqMo7Bww+PcNYU8CfHv95HbK9i0+GW vWmCeAaLCJBg1oxKngzOWCAjlNa2arypVKGraLK/JxCe1RpN8wdmWYQtjRKyOZk= =rR8x -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 gerry_lowry (alliston ontario canada) escribió: ... http://sixdemonbag.org/cryptofaq.xhtml#agencies does not like my IE7. He already knows that... while I can't be sure, I'd bet Robert doesn't like IE7 too ;-) Best Regards -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBCAAGBQJJjLxjAAoJEMV4f6PvczxAp/QH/1Zxx8DqgjmQ8U3DJl65v4j7 DvXIXyh29DgYtia1zFO/5Ka4YGW/1qSOZ+b6Bnkd5nJeaftVNe6Kf/Zgen0DVZj1 hLGnxA6yoyfmmXqETFyQYG/JE4imo6yyS7ThsUkjtnjBugS4fH8KyThqVexbeWnQ IetqrTL0+gjPAwLYwoDiydj0yuT2yGc4dHMy49l6SYwMo4xmLI8b1t1CsVLnWiP6 WE3OthLG4jIGM5L4By0deJpOhtQgr5NOhfvZ7j2Z1t6FnfXfM3/SOOqyuihrijIv S+237D0mUrBgsieZir6dKh9dizDdd3wbGppW9wH3mTP9vJb9W12pA5tatevSEiM= =aMJu -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: What do if forgot password?
Faramir wrote: He already knows that... while I can't be sure, I'd bet Robert doesn't like IE7 too ;-) I try not to join Windows-bashing, IE-bashing, or whatever else. I'd much rather stand for something than tear something down. Standards are good for the internet. GnuPG and PGP interoperate as well as they do because of the OpenPGP standard. Windows and Linux machines can interoperate on the same network because they each conform to the TCP/IP standard. And so on, and so on, and so on. Standards are good for the internet. My web pages strictly conform to a nearly ten-year-old W3C standard. I don't care what browser you use to read them. Often on this list we get questions about how to make PGP 6.5.8 interoperate with GnuPG. The usual -- and good -- answer is, PGP 6.5.8 isn't standards conformant, encourage them to get a better application. Likewise, if your browser isn't standards conformant, you may want to get a better browser. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
